Posts

Employee Indicted for Hacking Kansas Water Utility and Trying to Shut Down Key Systems

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


A federal grand jury is indicting a 22-year-old guy over accusations that he tampered with a public water system. Dude allegedly hacked into a computer system that controls a rural water utility in Ellsworth County, Kansas, then messing with the virtual processes that affect procedures for cleaning and disinfecting drinking water.



As if we didn’t have enough risks to drinking water to manage.


© Photo: Tony Gutierrez (AP)
As if we didn’t have enough risks to drinking water to manage.

On March 31, Wyatt Travnichek was charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access. If convicted, he’ll face up to 25 years in prison and $500,000 in fines.

Loading...

Load Error

The story is pretty wild. Travnichek actually worked at the water district, which services more than 1,500 retail customers and 10 wholesale customers in eight Kansas counties, from January 2018 to January 2019. Part of his role was to virtually monitor its water plant after hours by remotely log into the district’s computer system, so in a sense he was just doing his old job.

The Department of Justice alleges that he logged on with the intention to harm, though thankfully, according to Cyberscoop, no one was harmed. According to the indictment, Travnichek “accessed a protected computer without authorization,” then remotely logged on and “performed activities that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures.”

“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas, said in a statement. “EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”

The Crisis at a Florida Wastewater Reservoir Show the Risks of Our Weak Infrastructure

What’s even more bonkers than this guy’s actions, though, was that he was able to carry them…

Source…

Kansas Man Faces Federal Charges Over Water Treatment Hack

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Critical Infrastructure Security
,
Cybercrime
,
Fraud Management & Cybercrime

DOJ: Wyatt Travnichek Allegedly Accessed Cleaning and Disinfecting System

Kansas Man Faces Federal Charges Over Water Treatment Hack
This is the website of the Ellsworth County Rural Water District in Kansas. The facility was targeted in an attack in 2019, according to the Justice Department.

A Kansas man faces federal charges for allegedly accessing the network of a local water treatment facility and tampering with the systems that control the cleaning and disinfecting procedures for local water sources, according to the U.S. Justice Department.

See Also: Top 50 Security Threats

Wyatt Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access, according to the U.S. Attorney’s Office for the District of Kansas, which is overseeing the case. Travnichek is a former employee at the facility.

Travnichek was served with a summons after the indictment was unsealed this week by federal prosecutors and is slated to make his first court appearance on April 22, according to documents from the case.

The most serious of the two charges – tampering with a public water system – carries a possible 20-year federal prison term and a $250,000 fine, the Justice Department notes. The charge of tampering with a protected computer is punishable by up to five years in federal prison.

In March 2019, Travnichek remotely accessed the network of the Ellsworth County Rural Water…

Source…

Kansas Man Indicted for Hacking, Tampering with a Public Water System – Homeland Security Today

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


A Kansas man has been indicted on a federal charge accusing him of tampering with a public water system, Acting U.S. Attorney Duston Slinkard said Wednesday.

Wyatt A. Travnichek, 22, of Ellsworth County, Kansas is charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access.

“Our office is committed to maintaining and improving its partnership with the state of Kansas in the administration and implementation of the Safe Drinking Water Act of 1974,” said Acting U.S. Attorney Duston Slinkard. “Drinking water that is considered safe is essential to the protection of the public’s health.”

The indictment alleges that on or about March 27, 2019, in the District of Kansas, Travnichek knowingly accessed the Ellsworth County Rural Water District’s protected computer system without authorization. During this unauthorized access, it is alleged Travnichek performed activities that shut down the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District.

“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas. “EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”

Upon conviction, the alleged crimes carry the following penalties:

Tampering with a Public Water System: Up to 20 years in federal prison and a fine up to $250,000.
Reckless Damage to a Protected Computer During Unauthorized Access: Up to 5 years in federal prison and a fine up to $250,000.

Read more at the Justice Department

(Visited 8 times, 1 visits today)

Source…

America’s drinking water is surprisingly easy to poison — GCN


Close up pouring purified fresh drink water from the bottle on table (Cozine/Shutterstock.com)

America’s drinking water is surprisingly easy to poison

This article was first posted to ProPublica.

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

The motive and…

Source…